You can write a <script src="http://www.dangrossman.info/wp-admin"> tag into YOUR document! That's not blocked, the request will happen. But since that URL returns HTML, not JavaScript, you can't get at the result from your code

It's the way JSONP works though: inject a <script> tag, except the URL you point at is a proxy that wraps the HTML in JSON and triggers a callback, so it is javascript and you can get at the HTML through the javascript object it was wrapped in

I can write <script src="http://blog.mosheberman.com/wp-admin/edit-post.php?action=delete&id=1"> into a webpage, and if you visit it while logged into your blog, and that URL actually deleted a post, it'd do so :P

There's no way to protect against that from the browser vendor point of view, you just have to rely on the app makers (WordPress) to defend against that kind of thing

@DanGrossman I think that's a reference to a client, or something like that. For example, one of my contacts in Pidgin has 3 separate resources listed. One is available and the other 2 are marked as away.

The problem is getting someone else to use your program to log in to some other website... if you can get someone else to willingly install your malicious software, just send them a keylogger and skip writing a browser

No, you can't use it to hack other sites, you can only hack your own sites, unless you get SOMEONE ELSE to use your broken firefox/chrome

Why trick them into downloading a broken browser you have to then get them to log into secure sites with then get them to visit your malicious site with? Just trick them into downloading a rootkit and steal their whole computer.

In computer science, session hijacking is the exploitation of a valid computer session—sometimes also called a session key—to gain unauthorized access to information or services in a computer system. In particular, it is used to refer to the theft of a magic cookie used to authenticate a user to a remote server. It has particular relevance to web developers, as the HTTP cookies used to maintain a session on many web sites can be easily stolen by an attacker using an intermediary computer or with access to the saved cookies on the victim's computer (see HTTP cookie theft).
TCP session hija...

Check out the site, look at the HTTP headers for the web server version, if it's not the very latest version that means there are known vulnerabilities you can just look up in security bulletins then exploit

Now check if the site has a blog, a forum, or other open source software installed. Look at the meta generator tag or footer for the version number. If it's not the latest version that means there are known vulnerabilities you can just look up in security bulletins then exploit

> Thanks to your support, Imgur has been growing rapidly for quite some time. Sometimes it's even hard to keep up with all the traffic! Unfortunately, a side effect of all this growth is that sometimes we must take the site down in order to push out upgrades and other improvements to the service. This happens very rarely, but it does happen, such as right now.

About
This script adds a little 'auto' link next to all comments boxes.
Clicking on the link opens the dialog box below, which allows you to select some pre-fabricated comments which might be helpful for educating users before flagging their posts. Note that the dialog only inserts the tex...

I have two javascript functions, one to turn a datespan into a 'pretty' string, the other to turn a time period into a pretty string.
Similar context to Stack Exchange user profile (Member for: 1 year, 2 months. Last seen: yesterday)
I don't like this code at all, but I don't want to make it t...

God I'm a moron... you can't do that because the with_jquery section is run in the browser space, while defining the other stuff in the script itself would be sandboxed and thus not available

In an answer to this question: Can we have some linking etiquette and guidelines? I suggested that if a link is made to a related page on the TeX SE, the link text should be the document/question title. This provides much more information about the target link than "this question" or "here".
Mu...